On Sat, Dec 23, 2017 at 07:26:03AM +0900, Masashi Honma wrote:
The FILS(Fast Initial Link Setup) is a specification defined by IEEE 802.11ai to speed up roaming. This patch adds support of it. I have tested with both FILS-SHA256 and FILS-SHA384 by PEAP. Signed-off-by: Masashi Honma <masashi honma gmail com> --- libnm-core/nm-setting-wireless-security.c | 9 ++++++--- libnm-core/nm-setting-wireless.c | 5 +++-- src/devices/wifi/nm-wifi-ap.c | 6 ++++-- src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 2 +- src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 3 +++ src/supplicant/nm-supplicant-config.c | 13 +++++++++---- src/supplicant/nm-supplicant-settings-verify.c | 1 + 7 files changed, 27 insertions(+), 12 deletions(-) diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index de77a49..eea0581 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -868,7 +868,8 @@ need_secrets (NMSetting *setting) } if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0) - || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) { + || (strcmp (priv->key_mgmt, "wpa-eap") == 0) + || (strcmp (priv->key_mgmt, "wpa-fils") == 0)) { /* Let caller check the 802.1x setting for secrets */ goto no_secrets; } @@ -887,7 +888,8 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) { NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting); NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self); - const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", "wpa-psk", "wpa-eap", NULL }; + const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", + "wpa-psk", "wpa-eap", "wpa-fils", NULL };
Hi, please also update the documentation comment of the key-mgmt property at the end of the file. I have found little information about FILS, but I guess a valid use case would be to optionally enable it by passing "key_mgmt=FILS-SHA256 FILS-SHA384 WPA-EAP" to wpa_supplicant, so that the supplicant will fall back to WPA-EAP if the AP doesn't support FILS. Do you think this configuration is useful at all? If so, we shouldn't have a new key-mgmt value 'wpa-fils' but perhaps we should add a new wifi-sec.fils boolean (or tristate) property. Beniamino
Attachment:
signature.asc
Description: PGP signature